Vulnerability in Okta Java_management_sdk
CVE-2025-66033
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are…
EPSS: 0.002 (13.5th percentile).
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Okta Java_management_sdk
- Okta Okta-sdk-java — versions >= 21.0.0, < 24.0.1
Weakness classification (CWE)
- Missing Release of Memory after Effective Lifetime
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (Patch, x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-66033?
- CVE-2025-66033 is a medium-severity vulnerability in Okta Java_management_sdk, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 5.3/10. Published 2025-12-10.
- How severe is CVE-2025-66033?
- Medium severity. CVSS v3 base score is 5.3 out of 10.